from the patent-exhaustion-is-exhausting dept

We've covered patent troll Lodsys a bunch of times. If you don't recall, it's one of many patent trolls using patents it obtained via Intellectual Ventures, to shake down tons of mobile app developers, not for anything unique that they developed, but rather because they use Apple and Google's basic in-app payment mechanisms to let people buy stuff from within the app. Lodsys has been particularly aggressive in going after smaller independent developers who likely can't afford a full defense. Lodsys has claimed that Apple and Google each have licensed the patents, and that shows the validity of the patents in question, but they ignore that those licenses came from deals with IV that covered a wide portfolio of patents, not this one in particular. Furthermore, Lodsys, really, really wants to avoid anyone pointing out that the fact that Apple and Google already licensed these patents suggests that developers who use Apple and Google's tools are covered by those licenses under the concept of patent exhaustion, which says that if a supplier licenses a patent to build it into a product, the patent holder doesn't get to double/triple/quadruple collect, by demanding licenses from everyone up and down the supply chain.

Apple, in fact, has tried to intervene in the cases that Lodsys has actually filed (against a subset of the companies to which it has sent threatening demand letters). However, it appears that Lodsys has been quite aggressive in getting companies in such cases to settle (likely by making such a settlement super cheap -- much cheaper than actually going to court) and then arguing that Apple cannot intervene since the case is actually settled.

EFF and the App Developers Alliance (disclosure: the App Developers Alliance sponsors this blog, but we've been covering Lodsys since long before they existed, and will continue to cover them going forward as is newsworthy) have now filed an amicus brief arguing that the court should deny Lodsys' attempt to keep Apple out of one of these cases, because it should be determined once and for all if app developers are immune from Lodsys' questionable threats via Apple's own license. As the brief notes, without this, app developers have significant uncertainty when receiving a threat letter -- and with it a strong incentive to just settle, even if they strongly believe they do not infringe upon the patent (or that the patent is invalid).

If this Court rules in Apple’s favor, it would also grant certainty to the millions of app developers in this country who face an open-ended threat from Lodsys. It would have the added benefit of putting litigants and potential targets in other en masse end-user suits on notice of the scope of risk they might be undertaking when they face these demands.

from the blurring-the-lines dept

It's incredibly easy to do sales/launch promotions horribly wrong. My favorite example is still when Nestle thought that putting tracking devices in their candy wrappers and then hunting people down to give them crap was a good idea. Those with less in the department of good intentions can take things from funny to creepy, such as a pizzeria trading free pie for boob-flash-ery. The point is that you have to make sure you cover all your bases and don't do anything stupid, otherwise you can expect someone to game the system, mock a flaw, take your promotion the wrong way, or send the cops to shoot you. Wait, what?

Must have been a Dunkin Donuts promotion, huh? Hey-ohhhh! Image source: CC BY 2.0

No, it wasn't pastries involved in this raid, it was video games. More specifically, Grand Theft Auto 5, because of course it was. In any case, apparently a retailer in France thought it would be a fun stunt to have their staff dressed up like criminals, thugs, and gang-bangers for the game's launch. The costumes, of course, required replica handguns. Humor, of course, required that passersby immediately call the cops, which resulted in 15 officers descending on the store and scaring the hell out of everyone.

Apparently the retailer forgot the key step of informing local authorities that they were going to be brandishing fake weapons while committing public commerce. You kind of can't do that, unless you want your business on display in all the wrong ways.

from the urls-we-dig-up dept

Some folks are worried that robots are poised to take over too many jobs, leaving a path of unemployed destruction in their wake. Usually, this fear is limited to jobs related to manual labor and manufacturing, but programmers aren't content to make software that will harvest crops or 3D print car parts. Here are a few projects where bots are creating works of art.

from the some-sense dept

The legacy recording industry's ridiculous war on Pandora has reached some really ridiculous levels, especially as ASCAP has continually tried to pretend that Pandora was trying to stiff artists. The details suggested something entirely different. After staying quiet for a while, Pandora finally highlighted the true story, which showed that the claims about Pandora were completely bogus. It was actually ASCAP who was playing sick games with Pandora, trying to remove the right to play certain songs, without even letting Pandora know which songs.

Historically, Pandora has paid essentially the same rate as all other forms of radio, a rate established unilaterally by the performing rights organizations, ASCAP and BMI, in the late 1990s. In November of last year, following a lengthy negotiation, Pandora agreed with ASCAP to a new rate, an increase over the prior amount, and shook hands with ASCAP management. Not only was our hand-shake agreement rejected by the ASCAP board, but shortly thereafter we were subjected to a steady stream of “withdrawals” by major publishers from ASCAP and BMI seeking to negotiate separate and higher rates with Pandora, and only Pandora. This move caused us to seek the protection of the rate, also recently negotiated, enjoyed by the online radio streams of broadcast radio companies. It’s important to note that these streams represent 96% of the Internet radio listening hours among the top 20 services outside of Pandora (talk about an un-level playing field). We did not enter this period looking for a lower rate – we agreed to a higher rate. But in a sad irony, the actions of a few small, but powerful publishers seeking to gain advantage for themselves has caused all songwriters’ royalties to go down. Any characterization of Pandora as being out to cut publishing rates flies in the face of the facts.

And while not highlighted there, Pandora also noted that ASCAP refused to let Pandora know which tracks were being withdrawn, leading to uncertainty over potential liability if it played the wrong track:

During negotiations, ASCAP and the publisher increased the pressure by refusing to provide Pandora the list of tracks that were being withdrawn, exposing Pandora to copyright infringement liability of up to $150,000 per work. At Pandora’s scale, such liability would be enormous.

As we noted at the time, this appeared to be in direct violation of a long-term antitrust agreement ASCAP has with the DOJ, given ASCAP's massive market power. Some in our comments suggested it was crazy to suggest this move violated the antitrust agreement, but a court has basically ruled strongly in favor of Pandora, noting that it goes against the agreement to selectively remove songs from the blanket license, and allowing Pandora to continue to stream such songs. Basically, the court rules that the consent decree from the antitrust fight means that ASCAP can't divide up the various copyrights to separate out things like "new media rights," but rather if it has a song in its catalog, it must license it under its blanket license.

ASCAP’s argument is predicated on the Copyright doctrine of “divisibility of rights” within a copyrighted work. It is true that “[t]he Copyright Act confers upon the owner of a copyright a bundle of discrete exclusive rights, each of which may be transferred or retained separately by the copyright owner.” But while the Copyright Act allows rights within works to be alienated separately in general, [the consent decree] imposes restrictions beyond those imposed by the Copyright Act on ASCAP. [The consent decree denies] ASCAP the power to refuse to grant public performance rights to songs to particular users while, at the same time, retaining the songs in question in its repertory.

I await ASCAP's next press release insisting that Pandora is the one playing games....

from the in-other-words,-it-was-not-secure dept

We've already covered a few times how, despite the NSA's (and its defenders') repeated claims that its systems can't be abused because of its vaunted "auditability," the fact that Snowden got access to all those documents without anyone being able to figure out what he took shows that the audits don't work. It became clear that the audits appear to only apply to analysts, but not sys admins like Snowden, and there are around 1,000 of those, leading to the obvious question: how many others also got classified info without anyone noticing it? One official has tried to make it out that Snowden was "too brilliant" to work for the NSA, since he covered his tracks. While every indication is that Snowden was, in fact, quite good at his job, and able to cover his tracks well, it's not at all clear that what he did was particularly unique or special.

"His job was to do what he did. He wasn't a ghost. He wasn't that clever. He did his job. He was observed [moving documents], but it was his job."

That report also quotes the NSA's CTO as saying that now, about four months later, the NSA finally has a "good idea" of what Snowden got:

"We have an extremely good idea of exactly what data he got access to and how exactly he got access to it," says the NSA's chief technology officer, Lonny Anderson.

Only took four months. Of course, all of this, once again, raises all sorts of questions. It shows that the NSA's audits were basically non-existent for a very large number of people. It shows that the NSA has almost no legitimate way to go back and see if there were widespread abuses among others with similar "job duties." If it was his "job" to do these kinds of things, and there was no real way to track him without many months of work (and even then, only to the degree that the NSA has a "good idea" of what he did), then there's no real accountability there at all. At this point, it seems reasonable to use this to assume that the NSA's systems aren't even remotely secure, and have regularly been abused, without anyone at the NSA even knowing about it. After all, the NSA itself is admitting that someone doesn't even need to be "that clever" to abscond with tens of thousands of pieces of classified info on top secret programs and leave an almost non-existent trail.

from the who-can-you-trust? dept

Torvalds responded "no" while shaking his head "yes," as the audience broke into spontaneous laughter.

Obviously, it's hard to tell from that whether he really meant "yes" or "no". But the question does touch on an important issue: whether open source might be less vulnerable than traditional applications to tampering by the NSA or other intelligence organizations. That's plausible, because by definition free software's code is always available for inspection; the idea is that even if backdoors are somehow introduced, they will be spotted by people looking over the code.

Of course, there are some problems with that. The first is that just because the code is available does not mean anyone will look at it. Secondly, even if the source code is examined and looks fine, that doesn't imply that the compiled version you run on your machine will be -- a well-known and deep problem. So does that mean we should give up on the hope that open source might be better than traditional closed source when it comes to backdoors?

Be suspicious of commercial encryption software, especially from large vendors. My guess is that most encryption products from large US companies have NSA-friendly back doors, and many foreign ones probably do as well. It's prudent to assume that foreign products also have foreign-installed backdoors. Closed-source software is easier for the NSA to backdoor than open-source software.

After listing a number of recommended software tools, he also makes the following comment:

I understand that most of this is impossible for the typical internet user. Even I don't use all these tools for most everything I am working on. And I'm still primarily on Windows, unfortunately. Linux would be safer.

Thanks to the recent NSA leaks, people are more worried than ever that their software might have backdoors. If you don't believe that the software vendor can resist a backdoor request, the onus is on you to look for a backdoor. What you want is software transparency.

Transparency of this type is a much-touted advantage of open source software, so it's natural to expect that the rise of backdoor fears will boost the popularity of open source code. Many open source projects are fully transparent: not only is the source code public, but the project also makes public the issue tracker that is used to manage known defects and the internal email discussions of the development team. All of these are useful in deterring backdoor attempts.

That's from Ed Felten (pdf), Professor of Computer Science and Public Affairs, Princeton University, and someone whose name has appeared on Techdirt many times. Despite his upbeat assessment of the value of open source in providing software transparency, the rest of his post urges caution:

transparency does not guarantee that holes will be found, because there might not be enough eyeballs on the code. For open source projects, finding backdoors, or security vulnerabilities in general, is a public good, in the economists' sense that effort spent on it benefits everyone, including those who don't contribute any effort themselves. So it's not obvious in advance that any particular open source project can avoid backdoors.

In other words, open source is not a panacea: it is not guaranteed to protect you from backdoors. But, like encryption, it is probably one of the best defenses we have -- whether or not Torvalds was asked to add a backdoor to Linux.

from the free-speech-ftw dept

Last year we wrote about a troubling case, in which a district court ruled that Facebook "likes" were not protected speech under the First Amendment. The full details of the case are fairly complex, but the short version is that some employees of a local sheriff were fired after Facebook "liking" the sheriff's opponent in an upcoming election. The employees appealed. Both Facebook and the ACLU weighed in, urging the appeals court to reverse... and it has now done so in clear and concise language, noting that of course "liking" something on Facebook is a form of expression:

Once one understands the nature of what Carter did by liking the Campaign Page, it becomes apparent that his conduct qualifies as speech. On the most basic level, clicking on the “like” button literally causes to be published the statement that the User “likes” something, which is itself a substantive statement. In the context of a political campaign’s Facebook page, the meaning that the user approves of the candidacy whose page is being liked is unmistakable. That a user may use a single mouse click to produce that message that he likes the page instead of typing the same message with several individual key strokes is of no constitutional significance.

Aside from the fact that liking the Campaign Page constituted pure speech, it also was symbolic expression. The distribution of the universally understood “thumbs up” symbol in association with Adams’s campaign page, like the actual text that liking the page produced, conveyed that Carter supported Adams’s candidacy.

Of course, this doesn't mean you can't be fired for liking something (First Amendment protections are from government activities, not from what a private employer does concerning its employees -- though for government employees it can protect them). However, having a clear ruling that a "like" is a form of protected expression will likely come in handy in other cases in which others try to claim that certain forms of online expression are not protected.

from the SHUT-UP-AND-RETURN-TO-THE-DESIGNATED-'FREE-SPEECH-ZONE' dept

As an American with First Amendment rights, you'd probably assume that a "Free Speech Zone" would look something like this:

The blue on that map should represent areas where you can exercise your right to free speech. Unfortunately, for many college students, their "Free Speech Zone" shrinks considerably when on campus. One out of every six major colleges has designated "Free Speech Zones" where students are "permitted" to "enjoy" this Constitutional right, and even then there are restrictions. In these colleges, exercising your right to free speech means asking permission at least a couple of days in advance as well as having the administration "approve" your speech.

The latest example of confined and controlled speech comes to us courtesy of Modesto Junior College. As FIRE.org reports, a student found his exercise of free speech shut down on one of the worst days of the year for a college to assert its negative attitude towards the First Amendment.

In a stunning illustration of the attitude taken towards free speech by too many colleges across the United States, Modesto Junior College in California told a student that he could not pass out copies of the United States Constitution outside the student center on September 17, 2013—Constitution Day. Captured on video, college police and administrators demanded that Robert Van Tuinen stop passing out Constitution pamphlets and told him that he would only be allowed to pass them out in the college’s tiny free speech zone, and only after scheduling it several days or weeks ahead of time.

After 10 minutes of handing out these pamphlets, Van Tuinen was approached by a campus police officer. After some discussion regarding the ridiculousness of shutting down free speech on Constitution Day and Van Tuinen's repeated assertion of his rights, the campus cop tells him to take it up with administration.

[The officer sends out a little cheap shot before Van Tuinen moves on, telling him, "Look at you. You're shaking." This is a common cop tactic designed to both a) cast suspicion on the person and b) assert the officer's control of the situation. The fact that it's a byproduct of the fight-or-flight response is ignored. People speaking to armed authority figures will often appear nervous because that's how the human brain works. It's not solely a byproduct of fear or guilt. It's adrenaline being pumped with no available outlet.]

The response he receives from administration is no less ridiculous, considering it relies heavily on quoting policy rather than acknowledging the absurdity of shutting down free speech on Constitution Day. (As if it would be any less ridiculous on any other day of the year, but Constitution Day?)

Upon arriving at that office, Van Tuinen talks with administrator Christine Serrano, who tells him that because of “a time, place, and manner,” he can only pass out literature inside the “free speech area,” which she informs him is “in front of the student center, in that little cement area.” She asks him to fill out an application and asks to photocopy his student ID. Hauling out a binder, Serrano says that she has “two people on campus right now, so you’d have to wait until either the 20th, 27th, or you can go into October.” Van Tuinen protests that he wants to pass out the Constitution on Constitution Day, at which point Serrano dismissively tells him “you really don’t need to keep going on.”

So, now everything's clear. In a nation where free speech is one of the foundations of society, an American in a public American college (founded by legislation and infused with public money via grants) is restricted to "that little cement area" (see below) -- and then only with advance notice and permission. Free speech possibly available in October -- get your reservation in now!

As FIRE's Robert Shibley points out, there's really no way Modesto Junior College could have handled this situation any worse than it did.

“Virtually everything that Modesto Junior College could do wrong, it did do wrong. It sent police to enforce an unconstitutional rule, said that students could not freely distribute literature, placed a waiting period on free speech, produced an artificial scarcity of room for free speech with a tiny ‘free speech area,’ and limited the number of speakers on campus to two at a time. This was outrageous from start to finish. Every single person at Modesto responsible for enforcing this policy should have known better.”

Free speech isn't something you box up and dole out. It's the right of all citizens. Modesto Junior College should know this, being a public college, but has apparently decided it's much easier to avoid uncomfortable or unpopular speech by violating its students' First Amendment rights.

from the that's-not-how-it-works dept

Over at Cryptome today there's an absolutely incredible exchange between the Justice Department's Brian Fallon (from the Office of Public Affairs -- basically a PR guy) and Brad Heath, an investigative reporter from USA Today. Heath had sent a FOIA request to the DOJ's Office of Professional Responsibility (OPR) asking basically whether or not the OPR had been involved in any investigation concerning the recently declassified FISA Court order, about how the NSA had misled the FISA court and abused its capabilities repeatedly. It certainly seems reasonable to try to find out if the DOJ then investigated those abuses and the NSA's misrepresentations to the FISA court.

The DOJ claimed that there were no responsive documents -- which even by itself is quite incredible. Heath appears to have then followed up with Fallon at the DOJ to seek comments. Fallon's response by itself is stunning:

I have an answer from OPR, and a FISC judge. I am not providing it to you because all you will do is seek to write around it because you are biased in favor of the idea that an inquiry should have been launched. So I will save what I have for another outlet after you publish.

Basically, this is the DOJ giving the middle finger to Heath, telling him that they have answers to his questions, but won't give them to him in order to purposely try to make him look bad by giving those quotes to someone else. Heath, quite reasonably, responded that he's been perfectly patient in waiting for an answer, but if none is forthcoming, he'll write the story as he has it (which, from the FOIA request, suggests that the DOJ did absolutely nothing about the NSA's abuses and misrepresentations to the FISC).

Fallon responds that he's "done negotiating" and claims that he "will work with someone else afterwards explaining why what you reported is off base." So, not only is the DOJ not answering the reporter, it's telling the reporter that the reporter has incorrect information but the DOJ refuses to correct the reporter in order to make the reporter look bad. Heath points out that he's not "negotiating"; he's just asking for answers to basic questions. And then the real issue comes out in the DOJ's reply:

You are not actually open-minded to the idea of not writing the story. You are running it regardless. I have information that undercuts your premise, and would provide it if I thought you were able to be convinced that your story is off base. Instead, I think that to provide it to you would just allow you to cover your bases, and factor it into a story you still plan to write. So I prefer to hold onto the information and use it after the fact, with a different outlet that is more objective about whether an OPR inquiry was appropriate

Yeah. The DOJ is saying that it has answers to a reporter's questions, which it knows adds to the public debate about the DOJ's response to the NSA's activities, but because it's trying to stifle the report, it won't share the info with him. This is incredible. It's a clear move by the DOJ to try to silence the press with an effective threat: "if you agree not to publish your article, then we'll explain why we did what we did. If you do publish your article, we'll make you look foolish."

This is incredibly childish and unprofessional behavior by Fallon and the DOJ. Remember how this is supposed to be "the most transparent administration in history"? Apparently the DOJ thinks that only means "we'll be transparent if you only agree to write nice stuff about us." That's not how it works.

Heath points out that Fallon is wrong -- if Heath just wanted to publish the story he would have done so already, without waiting for a comment from the DOJ. And then he points out the obvious:

You can’t seriously ask me not to publish something on the basis of information you won’t share

Either way, this seems to highlight (once again) how the federal government, and especially the DOJ, views journalists these days -- especially investigative journalists. It will do anything possible to intimidate them into not publishing stories that might embarrass the administration. That's not transparency, it's thuggery and intimidation.

from the I-sincerely-hope-I'm-overstating-this-possibility dept

The NSA insists everything that's been exposed so far by Snowden's leaks is direly necessary to protect us from terrorists. It still has trouble pinpointing any instances where bulk records collections and widespread internet data harvesting have prevented attacks, but it continues to assure us of its need to continue building its haystacks unimpeded.

We recently learned that US intelligence agencies had at least three days' warning that Syrian President Bashar al-Assad was preparing to launch a chemical attack on his own people, but wasn't able to stop it…

More interestingly, the US government did not choose to act on that knowledge (for example, launch a preemptive strike), which left some wondering why.

The first aspect is the sheer amount of data. As Schneier points out, connecting the dots is easy… in hindsight. In "realtime," it's impossible.

Rather than thinking of intelligence as a connect-the-dots picture, think of it as a million unnumbered pictures superimposed on top of each other. Which picture is the relevant one? We have no idea. Turning that data into actual information is an extraordinarily difficult problem, and one that the vast scope of our data-gathering programs makes even more difficult.

Our intelligence agencies must realize this. But it seems the thirst for data is unquenchable. Gen. Alexander made it clear he wants to "collect it all." The usefulness of these collections relies on the agency's unshakable faith that a better algorithm is just around the corner -- the final bit of filtering that will make millions of overlaid pictures suddenly snap into focus. Take it all, sort it out later and never mind the fact that the picture just gets more confusing with each additional collection.

The second aspect Schneier points out is a lack of confirmation -- not enough proof to act preemptively. A lack of solid proof can often paralyze government entities, from the White House all the way down to public schools. Rather than make a mistake and suffer the fallout, they refuse to move at all, hoping that some final bit of info will arrive, pristine and transparent, and make that tough decision for them. But nothing's that crystal clear, not when tough decisions need to be made. Anyone can make the easy call. Leaders make the tough calls and not enough people qualify for that title.

But the third aspect is the most chilling. It performs a very dark and very troubling calculation that weighs human lives against continued secrecy.

The third is that while we were sure of our information, we couldn't act because that would reveal "sources and methods." This is probably the most frustrating explanation. Imagine we are able to eavesdrop on al-Assad's most private conversations with his generals and aides, and are absolutely sure of his plans. If we act on them, we reveal that we are eavesdropping. As a result, he's likely to change how he communicates, costing us our ability to eavesdrop. It might sound perverse, but often the fact that we are able to successfully spy on someone is a bigger secret than the information we learn from that spying.

Schneier is discussing this in the context of the Syrian gas attack, but it also contains unsettling implications for the never ending War on Terror. What if the NSA (or CIA or FBI) manage to uncover a terrorist plot via methods it considers too valuable to expose? Does it allow the attack to proceed rather than jeopardize a useful surveillance program? Would it do that, justifying its decision with the rationale that the protected program will save that many more lives in the future?

The decision isn't likely to be completely binary. There are still options to pursue, as Schneier notes, citing an occasion when intelligence agencies did exactly that -- hamstrung their own efforts in order to protect ongoing surveillance.

During the war, the British were able to break the German Enigma encryption machine and eavesdrop on German military communications. But while the Allies knew a lot, they would only act on information they learned when there was another plausible way they could have learned it. They even occasionally manufactured plausible explanations. It was just too risky to tip the Germans off that their encryption machines' code had been broken.

The NSA, with the cooperation of other agencies, could (possibly quite easily) manufacture plausible explanations as to how it got ahold of this intelligence without sacrificing the surveillance method. The other agencies certainly have had no trouble manufacturing cover stories, like the false paper trails, etc. they've used to hide illegal access to data.

But what if there wasn't time or the cover story was too full of holes? What then? What if the attack wouldn't affect Americans? Would the NSA let that one go?

More importantly, has the NSA earned the trust that's needed to believe it would sacrifice a valuable intel method rather than prevent an attack? At this point, the answer is no.

On the bright-ish side, several methods have already been at least partially exposed. Inference and extrapolation help round out the picture. If the NSA can do X, then it stands to reason it can do Y. There's less to protect, surveillance-wise and so cover stories will be easier to generate. The fact that the NSA couldn't prevent Snowden from doing what he did and still doesn't seem to have any idea what he took also works in the public's favor. This makes mercenary decisions like the one above less likely simply because there's a very good chance that it will be swiftly exposed, and I don't believe the NSA is actually looking to coat its hands with more blood.

The FBI may seem like a silent partner these days, but it too has its own history of excesses, abuses and overreach.

Since 9/11, the FBI has once again transformed itself into a domestic intelligence agency with the unprecedented power to peer into the lives of ordinary Americans and secretly amass data about people not suspected of any wrongdoing. Through laws passed by Congress, such as the PATRIOT Act, as well as revisions to internal investigative guidelines meant to curb the abuses of the past, the FBI now has the authority to investigate and collect information on Americans without any evidence that they've committed a crime.

With so much power, the result was predictable.

Over the last 12 years, FBI agents have abused the new powers they were given to unfairly target immigrants, racial and religious minorities, and political dissidents for surveillance, infiltration, investigation, and disruption. Specifically, the ACLU has uncovered and documented persistent abuses, including warrantless wiretapping, racial and religious profiling, biased counterterrorism training materials, politically motivated investigations, abusive detention and interrogation practices, and misuse of the No-Fly List to recruit informants.

There's a ton of info in the ACLU's report, and while most of it isn't new, it's still a very thorough breakdown of systemic abuse in the investigative agency. Unlike the NSA, the FBI doesn't necessarily have to take a hands-off approach to Americans or their data. If anything, the FBI is a bigger threat to American citizens and their civil liberties because its domain is primarily the US.

The FBI and NSA are nearly indistinguishable in terms of post-9/11 behavior, as the paper's introduction points out.

[M]odern technological innovations have significantly increased the threat to American liberty by giving today’s FBI the capability to collect, store, and analyze data about millions of innocent Americans. The excessive secrecy with which it cloaks these domestic intelligence gathering operations has crippled constitutional oversight mechanisms. Courts have been reticent to challenge government secrecy demands and, despite years of debate in Congress regarding the proper scope of domestic surveillance, it took unauthorized leaks by a whistleblower to finally reveal the government’s secret interpretations of these laws and the Orwellian scope of its domestic surveillance programs.

There is evidence the FBI’s increased intelligence collection powers have harmed, rather than aided, its terrorism prevention efforts by overwhelming agents with a flood of irrelevant data and false alarms. Former FBI Director William Webster evaluated the FBI’s investigation of Maj. Nidal Hasan prior to the Ft. Hood shooting and cited the “relentless” workload resulting from a “data explosion” within the FBI as an impediment to proper intelligence analysis.

Lack of oversight? Excessive secrecy? Too much data? The FBI has all the same bad traits as its security counterpart.

Here's some more from the report.

In 2008, the US Attorney General granted the FBI permission to use investigations called "assessments," which required no predicate, and gave the agency the power to conduct them as though they were actual investigations, using all the tools normally available. The FBI was only too happy to take the AG up on his offer.

In a two-year period from 2009 to 2011, the FBI opened over 82,000 “assessments” of individuals or organizations, less than 3,500 of which discovered information justifying further investigation.

Beyond these 82,000 fishing expeditions, the FBI also misused National Security Letters in order to bypass the very minimal restrictions its data collection efforts were subjected to.

A 2007 Inspector General audit revealed that from 2003 through 2005 the FBI issued over 140,000 National Security Letters — secret demands for certain account information from telecommunications companies, financial institutions, and credit agencies that require no judicial approval — almost half of which targeted Americans.

The FBI's abuse of the NSLs goes even further than the fact that the agency nearly continuously wrote itself blank surveillance checks for three straight years. The ACLU notes that the agency so thoroughly abused the program that it truly had no idea how many letters had been issued. An audit of the program also found that 60% of the audited files had no supporting documentation and that 22% contained at least one unreported legal violation.

A second audit report in 2008 failed to find any signs of improvement, but it did uncover signs of an agency trying to cover its tracks.

High-ranking FBI officials improperly issued eleven “blanket National Security Letters” in 2006 seeking data on 3,860 telephone numbers, in an effort to hide that the data had been illegally collected with “exigent letters.”

"Exigent letters" being only one of the means the FBI used to illegally acquire data. The report goes on to mention the infamous Post-It notes and other collection methods… like reading over a telco employee's shoulder.

In a document that reads as if it were written during the Hoover era, an FBI agent describes the peace group Catholic Worker as having “semi-communistic ideology.”

Post-9/11, the agency became unstoppable, even considering the excesses of the Hoover era.

During the FBI’s relentless investigation of the 2001 anthrax attacks, for instance, The New York Times reported that several people falling under suspicion lost jobs, were placed on watch lists, had citizenship and visa applications denied, and personal relationships destroyed. The FBI publicly hounded bioterrorism researcher Steven Hatfill for over a year, following him so closely with up to eight FBI surveillance cars that one of them once ran over his foot. FBI officials later acknowledged Hatfill was completely innocent, and the Justice Department paid him $4.6 million in damages.

The FBI then turned its sights on another researcher, Bruce Ivins, who suffered a mental breakdown and committed suicide.

The FBI, like the NSA, is also very proud of its haystacks and haystack-building programs.

An FBI budget request for fiscal year 2008 said the FBI had amassed databases containing 1.5 billion records, and two members of Congress described documents predicting the FBI would have 6 billion records by 2012, which they said would represent “20 separate ‘records’ for each man, woman and child in the United States.”

And despite all of this data, terrorists continued to slip through the FBI's (and NSA's) grasp. The House Homeland Security Committee pointed out shortly after the Boston Bombing that Tamerlan Tsarnaev was the sixth terrorist attack by a "person previously known to the FBI or CIA."

And as the FBI seeks out new sources of data to add to the billions of records it's already drowning in, it's continuing to lie and obfuscate in order to grab more and hold onto it longer.

A tax fraud prosecution in Arizona revealed that the FBI has been failing to inform judges about the particularly invasive nature of “Stingray” devices when it seeks to obtain court orders for location information…

The ACLU of Northern California obtained Justice Department documents showing the FBI has been obtaining pen register orders—which authorize the government to obtain telephone numbers called from and received by a particular mobile device based on a relevance determination—to obtain location data using IMSI catchers, without telling the magistrate judges that this invasive technology would be used.

As was stated earlier, much of what's included here has been uncovered before, but the ACLU's comprehensive report leaves no stone unturned (and no footnote unlinked) in its takedown of an agency whose actions over the last decade have become increasingly abusive.

The FBI doesn't deserve to be let off the hook simply because the national debate on civil liberties and safety is mainly focused on the NSA's actions. It has proven to be just as careless with regard to respecting the rights of Americans and just as bold in its overreach.

from the take-that,-surveillancestronauts! dept

If you're going to go after the world leader in untargeted data collections, you might as well be just as unfocused. After details of the NSA's spying efforts in Brazil drove the president to cancel her trip to the US, some of that anger spilled over to the public. And a certain member of the Brazilian public, one "BMPoC," decided to lash out in the most internet of ways -- by defacing websites linked with the intelligence agency. The only problem was BMPoC was one letter off.

Multiple NASA websites were defaced last week by a Brazilian hacktivist who may have misread the sites' URLs, because he wasn't protesting about the US space agency giving joyrides to inhuman stowaways – he was protesting against NSA spying.

“BMPoC” hit kepler.arc.nasa.gov and 13 other sites with messages protesting against US spying on Brazil, as well as a possible US military intervention in Syria.

Ah, NASA. The non-spy agency whose efforts over the years have resulted in a number of technological advancements we take for granted. NASA is a very, very, VERY outwardly focused agency, which perhaps explains why its internal controls are so lax it's referred to as the "low hanging fruit" of the government website defacement field.

What the hacker lacked in accuracy, he made up for in successful hits and enthusiasm. The following warning graced unsuspecting NASA aficionados for several hours earlier this week.

NASA HACKED! BY #BMPoC We! Stop spy on us! The Brazilian population do not support your attitude! The Illuminati are now visibly acting!

Obama heartless! Inhumane! you have no family? the point in the entire global population is supporting you. NOBODY! We do not want war, we want peace!!! Do not attack the Syrians.

Coherent, it is not, thanks to the language barrier, a fundamental misunderstanding that all acronyms are not created equal, and the obligatory Illuminati reference. NASA, duly chastened by orders to cease all "spy" and change its unsupported attitude, released the following statement.

"A Brazilian hacker group posted a political message on a number of NASA websites. ... Within hours of the initial posting, information technology staff at the Ames Research Center discovered the message and immediately started an investigation, which is ongoing," he said. "At no point were any of the agency’s primary websites, missions or classified systems compromised."

In other words, the attack was about as harmful as graffiti. Perhaps even safer considering it wasn't scrubbed off the "walls" by a group of low-level criminals putting in community service hours.

Other than the wrong acronym and the Illuminati, BMPoC is absolutely correct. Brazilians do not support the NSA's spying or attitude and most of the world is very definitely not supportive of the US engaging with Syria. (Well, "engaging" by way of bombs, missiles and boots on the ground, anyway.)

If the secret to fighting a successful battle is knowing your enemy, BMPoC is no Sun Tzu (or even Ambrose Burnside, for that matter). On the plus side, website defacing is much more anonymous and less prone to crippling embarrassment than an in-person protest -- especially one that finds the protester a few blocks away from his or her intended target, yelling at equally confused people about actions they never took and things they never said.

from the the-next-tactic dept

Remember back when Immigration and Customs Enforcement (ICE) from the Department of Homeland Security was seizing domain names over file sharing claims based on a very questionable interpretation of the law? It got so bad that ICE had to return some of them because the DOJ had no case, and the federal government had flat out censored some websites for over a year based on bogus information.

Since then, ICE has mostly kept away from seizing domains related to copyright infringement issues (focusing instead on trademark issues, which have many of the same problems, but get less attention). However, it appears that the legacy entertainment industry liked what it saw with this whole "target the domains" strategy. TorrentFreak is reporting that Universal Music in Germany went after the torrent site H33t, not by going after the site directly, but by getting the court to issue an injunction against the domain registrar the site used to get its domain. The registrar looked at the injunction, which told it that it was responsible for blocking anyone using H33t from sharing Robin Thicke's album "Blurred Lines." The registrar, Key-Systems, realized the only way to do that was to take down the entire site, which it did by removing the name servers. H33t quickly popped up on another domain (now with lots more attention due to the takedown attempt).

Either way this is disturbing on many levels. H33t didn't know this was happening and was given no chance to defend itself. The registrar seems equally concerned about the implications of this, and how others might get broad and ridiculous injunctions sent to registrars, rather than the actual party responsible:

This is the first time that a torrent site has been targeted by a copyright holder through a domain registrar. While the details of the injunction haven’t been made available to the public it sets a dangerous precedent. This is also one of the main reasons why Key-Systems is determined to fight the ruling.

“We regret that we cannot comment in detail on an ongoing legal matter that is yet to be finally decided by the court, however we are determined to get this court order lifted as soon as possible,” Greimann tells TorrentFreak.

Already, it's concerning enough that the entertainment industry likes to target secondary players like the tools providers, rather than those who are actually engaging in the infringement. But here it's gone to another level, where the target is a tool provider to a tool provider of someone who may be infringing.

from the aw,-how-cute!-it-thinks-it's-above-the-law! dept

Under the guidance of Chief Ray Kelly and Mayor Mike Bloomberg, the NYPD has transformed into an autonomous militarized force. Technically, it answers to Bloomberg and Kelly, but they've both shown extreme amounts of resistance to reining in any of the PD's excesses.

Any attempts at bringing oversight and accountability to the force are met with anger and condescension, despite the fact that the NYPD's casual abuse of New Yorkers' civil liberties is the subject of major lawsuits and city council legislation, as well as a sizable contributor to the city's annual outlay of $700-800 million in settlements.

Since at least 2003, the New York Police Department has been labeling some of its internal documents "Secret," a designation that has baffled government secrecy experts, journalists and civil liberties lawyers.

By labeling documents "secret," the Intelligence Division appears to be operating its own in-house classification system, similar to those used at federal agencies like the CIA, where Intel's chief, David Cohen, previously worked for 35 years.

Some of the documents also include the caveat, in all-caps, that "No portion of this document can be copied or distributed without the exclusive permission of the policy commissioner or deputy commissioner of intelligence."

Why is this "baffling?" Because the NYPD's in-house classification system has nothing legal to back it up.

"You know what that [label] means? It means diddly," said Robert Freeman, executive director of New York's Committee on Open Government. "I think the police department is following the lead of the federal government. The difficulty is, in my opinion, it does not have a legal basis for doing that."

Christopher Dunn, associate legal director at the New York Civil Liberties Union, told HuffPost he has only seen the label on documents created after 2001. He agreed with Freeman that "as far as I know, this marking has no legal significance."

The NYPD remains a law unto itself. Bloomberg has referred to it as the "seventh biggest army in the world" (and his own "personal army") and has, over the course of his three terms, indulged every excess. It should be noted that former CIA officer David Cohen got the ball rolling on the civil liberties-violating "Demographics Group" (the one that labeled entire mosques as terrorist entities) late in 2002, which would explain the noticeable uptick in "SECRET" documents in 2003. Nothing drives overclassification more than a combination of dubious legality and working hand-in-hand with national intelligence agency liaisons.

And it would appear that the NYPD still has lots of secrets it's not willing to share with the public. HuffPo points to this story from 2011 in which Chief Kelly makes the claim that the NYPD could "take down an airplane" thanks to its anti-aircraft weaponry. That itself should be troubling enough and a strong indicator that Bloomberg and Kelly are better qualified to run a banana republic than an American city, but when asked to comment on the PD's anti-aircraft guns, Bloomberg responded with this smirk of a statement:

"New York City Police Department has lots of capabilities you don't know about and you won't know about them."

That's comforting. Nothing like having the commander-in-chief of the "seventh biggest army in the world" tell you his force might have even bigger tricks up its sleeve than anti-aircraft weapons.

On the bright side, Mayor for life Bloomberg will be leaving soon and the front runner for his position, Bill De Blasio, gave the police force a failing grade for its responsiveness to FOI requests and will likely be looking to force the PD to shoot for a low-C at minimum. If Chief Kelly sticks around, though, De Blasio will have an uphill battle to fight against the ingrained arrogance and contempt that pervades the NYPD's upper management.